Page 55 of 521 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en la que se gestionan los eventos. Esto resulta en un cierre inesperado potencialmente explotable, pero sería necesaria interacción específica del usuario para desencadenarlo. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1359547 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-7754 – Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7754

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Lectura fuera de límites en WebGL con un objeto "ImageInfo" maliciosamente manipulado durante las operaciones WebGL. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1357090 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 1

CVE-2017-7758 – Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7758

An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de lectura fuera de límites en el codificador Opus cuando el número de canales en una transmisión de audio cambia mientras el codificador sigue en uso. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1368490 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 2

CVE-2017-9461 – samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks

https://notcve.org/view.php?id=CVE-2017-9461

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. • http://www.securityfocus.com/bid/99455 https://access.redhat.com/errata/RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2778 https://bugs.debian.org/864291 https://bugzilla.samba.org/show_bug.cgi?id=12572 https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310 https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html https://access.redhat.com/security/cve/CVE-2017-9461 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.0EPSS: 2%CPEs: 18EXPL: 0

CVE-2017-9462 – mercurial: Python debugger accessible to authorized users

https://notcve.org/view.php?id=CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. En Mercurial, en versiones anteriores a la 4.1.3, \"hg serve --stdio\" permite que usuarios autenticados remotos inicien el depurador de Python y, como consecuencia, ejecuten código arbitrario utilizando --debugger como nombre del repositorio. A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/99123 https://access.redhat.com/errata/RHSA-2017:1576 https://bugs.debian.org/861243 https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29 https://access.redhat.com/security/cve/CVE-2017-9462 https: • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •